DOCSLIB.ORG

Northern, Yorkshire and Humber Directors of Information

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Northern, Yorkshire and Humber Directors of Information

Northern, Yorkshire and Humber Directors of Information IG Sub Group (And SIGN for Y&H SHA) Minutes of the Meeting held 11th February 2011 Goole and District Hospital

Attendees: Carl Starbuck (CSB – Chair) Anne-Marie Field (AMF) Peter Wilson (PW) Kath Allen (KA) Tony Hammond (TH) Barry Jackson (BJ) Nicola Smith (NS) Michael Goodson (MG) John Johnson (JJ) Jenny Williams (JW) Katie Hyde (KH) Roy Underwood (RU) Ray Dyson (RD) Carolyn Sampson (CS) John Francis (JF) Steve Massen (SM) Rachael Smith (RS) Mick Lawton (ML) Catherine Howard (CH)

Apologies: Heather Cook (HC) Dawn Foster (DF) Jane Grayson (JG) Catherine Nicholson (CN) Manni Imiavan (MI) Lisa Wilson (LW) Chris Plumstead (CP) John Wolstenholme (JW) David Hoar (DH) Narrisa Leyland (NL) Sue Meakin (SM)

1 Apologies Apologies were received as listed above. 2 Minutes of Previous Meeting

Minutes of the meeting held on Friday 14th January 2011 were agreed as a correct record. 3 Matters Arising

3a ‘ Pre-Meeting’ for Specific Issues It was agreed that this meeting was useful although acknowledged that the meeting format could be less formal. BJ agreed that he would be available from 11.30am to speak to delegates in the Goole hospital canteen prior to future IG Subgroup meetings. BJ also agreed that he would make himself BJ/All available to speak to delegates after our meeting ends, until 5pm. AMF agreed to communicate these meeting arrangements AMF to all delegates.

3b SUI’s With regards the reported incident of laptops being stolen that were part of diagnostic equipment, which were not encrypted – 1 RU added that a full report had been written and forwarded to the ICO explaining that minimal information had been held on these devices. All equipment in this organisation is now being risk assessed from handhelds to body scanners. Web programmers have drawn up a questionnaire to be completed on each device. RU agreed to circulate the questionnaire to the RU group.

3c Items for CPC to Consider A communication has been forwarded around the group asking for delegates to consider the future of security products previously supplied under NHS licence. CSB thanked members for the responses received so far and asked that members continue to let him know if there is anything that they would like CPC to look at ‘group purchasing’ for us.

Signed For Mail 3d The group had been asked to raise any problems with Royal Mails ‘signed for’ and other services with AMF for collation to establish whether this is a regional issue. As very little negative feedback was reported, this will not be taken forward at this time.

4 National Learning Management System (NLMS) A presentation was delivered to the group on the NLMS platform and how IGTT content accessed via NLMS feeds through into ESR.

AMF agreed to forward copies of the presentation slides to AMF delegates.

In answer to questions raised from the group:-

4a Reporting gives ‘current’ work location / team – i.e. not the team / location where the employee worked when they passed. Useful for progress chasing.

4b Following a streamline review on 14th Jan 2011, the log-on process for registering onto a course now takes only 4 clicks.

4c For queries / system issues delegates should contact their OLM Leads.

4d The information from the CfH IGTT or other platform can be ‘bulk uploaded’ into NLMS.

4e Initial IT computer configuration work may be required to ensure that Java-Script runs as it should. PC compatibility may be assessed using the online compatibility tool.

2 5 SHA Update (SIGN) BJ provided an update as follows:-

5a Contacting BJ BJ noted that (as per item 3a above) he would be available to speak to delegates before and after the IG Subgroup meeting. He also agreed that he would be happy to be contacted direct as and when delegates required his input.

5b IG Newsletter BJ had circulated a ‘newsletter’ to the group. He noted that he would produce this newsletter which provides more of an overall update on a range of IG issues, as well as circulate a report from the SHA which gets presented at the monthly Strategic Information Governance Network (SIGN) meeting. BJ noted that the newsletter ought to be circulated as widely as possible across organisations for information.

5c Care Records Guarantee An update to the NHS Care Record Guarantee has been published. A summary of the main changes have been circulated - one of particular note is the removal of the right to see who has looked at your care record (although, it is noted that this right has been upheld / established in case law: EC vs Finland).

5d National Information Governance Board Whilst acknowledging that the NIGB will be abolished under the recent government review, their web site has been revamped with easy access to a range of useful guidance documents.

5e IG Toolkit v8 Replies to the recent letter from the SHA indicate that many organisations are going to struggle to meet level 2 on a number of requirements. BJ thanked all organisations who had submitted a return.

5f IG Training Tool There has been an update circulated regarding requirement 8- 112, which extends the deadline for completion of IG Training to 30th June 2011. It is noted that where staff are moving from one organisation to another – conversations should be taking place with regards to what the position of IG staff training is prior to the move.

5g The CfH IG Training Tool Refresher Module is now available.

5h Overseas Data Processing It is noted that some organisations may be aiming to claim ‘Not Relevant’ for IGTK 8-209 whereas, due to the way that elements of ESR operate, it may be that some personal data is being

3 processed overseas.

It was noted that contractors may acknowledge their status as ‘data controllers’ and if they chose to forward information overseas for processing they would be responsible for ensuring the safety of the data.

5i Transforming Community Services PCTs have been carrying out a great deal of work on this. Work needs to be completed by 1st April (unless an exemption has been granted). Data transfer agreements are recommended to cover issues such as the transfer of significant quantities of personal and corporate data from one organisation to another. BJ agreed to circulate an example data transfer agreement. BJ

5j Records Management and Organisational Change A working group has been established to look at the issues arising out of the abolition of the SHAs and PCTs and the creation of new bodies. It is noted that MG is our lead on this. MG provided a brief update of a recent meeting and agreed to MG keep the group updated.

5k Transfer of Patient Records Storage of records, particularly deceased record storage is an issue as this can require up to 800 pages to be printed off and transferred by post to expensive off-site storage. Efficient alternatives are being sought.

5l Single Sign On (SSO) The Informatics Team in North East Lincolnshire Care Trust Plus are starting a project to look at SSO which will include formal evaluation of the technology and development of a business plan. Members with any interest or experience in this area are asked to contact BJ. CSB declared an interest on behalf of All Leeds PFT. BJ agreed to keep the group updated on progress. BJ

6 IG Toolkit Version 8

6a IG Toolkit Evidence Uploads The speed of upload has been raised as an issue on the CfH Toolkit site – for organisations to be aware when scheduling evidence uploads, particularly as the deadline approaches.

6b Refresher Module Content Analysis CSB has completed the refresher training module and noted the following discrepancies:-

 The definition of ‘Sensitive data' omits political affiliation and trade union membership – a worrying omission when training is used by e.g. HR staff.

4  The training module states "Other details, e.g. a person’s bank account details, DNA or finger prints are not listed in the Data Protection Act 1998 but are still regarded as sensitive because of the damage and distress that could be caused if they were not properly protected". This is contra to the Act’s definition of both person-identifiable and sensitive data.

6c  Although the course is intended as a refresher for the base-level modules, it introduces some updates to DoH / NHS / Government documents which would be beyond the scope of most users of the course and in reality would be relevant only to IG practitioners.

6d CSB asked delegates to forward details of any factual All inaccuracies that they discover in the learning content of the new refresher module to AMF for collation.

6e The group discussed experience of completion of the refresher module in general and agreed that information was probably a little more detailed and in depth than need be (some information is covered in great detail and only applies to nominated staff members, for example, FOI officers etc (for which there is a separate, specific module available).

6f Alternative IG Training Tools Confirmation has been received from Marie Greenfield – IG Policy Manager, that staff who have previously undertaken TIGER training can move to the Refresher Module without the prior need to complete the ‘Beginners Guide’ or ‘Introduction to IG’ first.

6g It was clarified that the system will allow completion of the refresher module if you have not completed any previous modules as pre-requisites. 7 Confidentiality, Data Protection and FOI

Confidentiality

7a Patient Opinion Website CSB discussed the ‘Patient Opinion’ website that has been set up for service users to input narrative about their experiences in care services. Trusts are encouraged to be pro-active in engaging with the site, possibly via PALS. The site is moderated – identifiers are removed. For organisations to be aware and ensure Comms departments have been notified.

7b Blog Sites BJ discussed a public ‘blog site’ used by a particular individual to share details of their medical history, which includes detailed

5 aspects of ailments and treatment. The site contains scanned copies of prescriptions, sick notes and letters of consultations with doctors, along with snippets from medical staff personal profile web pages (lifted from general practice / hospital sites) including full names and photographs etc. Although it is acknowledged that there is no breach of confidentiality with regards the patient publishing his own personal data, he may be breaching copyright by lifting content from other websites. BJ agreed to circulate the link to this blog BJ site for comments.

7c Facebook / Twitter disclaimer KH asked if any group members had examples of disclaimers used for Facebook/Twitter. TH agreed to forward an example to TH KH.

FOI 7d Caldicott Guardian Request KA noted a recent FOI sent to CfH - a request for the list of Caldicott Guardians. This information has been denied and declared exempt under Section 40, personal data. KA has appealed this decision and has agreed to keep the group KA updated. The group agreed that Section 40 was not applicable given the senior public office nature of such a role.

7e Vexatious Requests The recent ICO decision notice, finding in the favour of Birmingham Heartlands Hospital (Jan 2011) was noted as an example case. It was agreed that this was instructional on what point an FOI request for information could be deemed ‘vexatious’.

7f Data Protection Act It was queried whether a recent request for information from a council would breach the terms of the DPA. The council had asked for a list of patient names and addresses with aims of carrying out a satisfaction survey. The council had quoted the 1972 Local Government Finance Act. It was agreed that this Act did not apply where the release of information would be in breach of the DPA unless Schedule 2 conditions permitted this, however this was felt unlikely to be engaged.

8 Data and IT Security

No issues raised.

9 Group E-mail Log

Circulated to the group for information.

6 10 AOB

Patient Information on Facebook It was agreed that the disclosure of any restricted information relating to ‘work’ (such as sharing information that might identify a patient (name or initials / location) or any other work related ‘web gossiping’ on social networking sites (such as Facebook / Twitter etc) would not be tolerated.

Staff sharing clinical detail on social networking sites may face the possibility of having their medical registration license to practise revoked.

The date of the next meeting is: Friday 11th March 2011, 1.00pm Goole and District Hospital – Lecture Room

** Pre-Meeting from 11.30 in The Viking Hotel

7

Load more

Recommended publications